Roy, DP (Professor)
Hailu, Banchi
2018-06-27, 2023-11-04, 2018-06-27, 2023-11-04, 2008-02
http://etd.aau.edu.et/handle/123456789/3949

SSH, Secure Shell, is a protocol that allows a user to log into another computer, to execute commands on a remote machine, and to move files from one machine to another securely over an insecure network. It provides cryptographic authentication, encryption and data integrity to secure network communications. Negotiating the security parameters and authenticating the peers require public key cryptosystems, and public key operations are generally slow. To improve the performance of the protocol and make it applicable in both powerful and resource-constrained environments, Elliptic Curve Cryptography is used.

In addition, since SSH uses plain public keys to authenticate a remote server, the first-time authentication is always vulnerable to the Man-in-the-Middle attack. Using a public key certificate as a host key will eliminate this vulnerability, but it requires a PKI (Public Key Infrastructure) to support the certificate approach. A PKI may potentially impact the performance of the security protocol, and PKI path validation techniques (certificate revocation status checking) need more storage capacity, more communication cost and more processing time. This appears to scale poorly with a large number of communicating nodes.

In this thesis, SSH's key exchange handshake is implemented using Java and the Bouncy Castle cryptographic API. Performance with the RSA (Rivest-Shamir-Adleman) and ECDH_ECDSA (Elliptic Curve Diffie-Hellman Elliptic Curve Digital Signature Algorithm) key exchange suites has been compared for both PKI and non-PKI authentication. Client waiting time (key exchange latency), server key exchange throughput, and revocation status message size have been measured for each key exchange suite. Simulation results show that ECC has better processing time performance and better throughput than RSA. Response time and revocation status message size are minimum when Authenticated Directories are used as a certificate status responder.

Keywords used: SSH, PKI, Elliptic Curve Cryptography, ECDH, ECDSA, certificate, certificate path validation, certificate revocation status checking, key exchange handshake, authentication, Authenticated Dictionaries and RSA.

en
Analysis of the Key Exchange method of SSH using Elliptic Curve Cryptography and a Public Key Infrastructure
Thesis